Microsoft has postponed the launch of its controversial AI Recall feature on new Windows computers which captures periodic snapshots of a computer screen, giving Microsoft’s AI assistant Copilot a photographic memory of a user’s virtual activities to help recall previously viewed content across apps, websites, images, and documents. Initially set for broad release on June 18th, the preview feature for Copilot+ PCs will now be available to a smaller group of users in the Windows Insider Program (WIP) in the coming weeks. This reflects pushback on Microsoft’saggressive push to launch generative AI features, persistent security challenges, and user dissatisfaction after Microsoft CEO Satya Nadella praised Recall as “A move toward AI that instantly sees us, hears, and reasons about our intent and surroundings.” Users are concerned that Recall will potentially capture sensitive information like passwords or financial data and store these locally on devices in a format that could be captured by bad actors.
Pavan Davuluri, Corporate Vice President for Windows + Devices, stated on the company’s blog that Microsoft will refine the feature based on feedback from the Windows Insider community before a broader release. During internal testing, significant security issues were found with Recall. Data captured by the feature was astonishingly stored on disk without encryption, making it accessible to anyone with access to the PC, including potential attackers and it makes you wonder how the red-team associated missed that this would be a gift to anyone getting access to the user’s computer, particularly as Recall was nabled by default on Copilot+ PCs, even in its preview phase, which meant users who did not change the default settings would have their data recorded automatically.
The original plan was to release this version of Recall to reviewers along with the first batch of Copilot+ PCs; however, following public disclosure of these security vulnerabilities by researcher Kevin Beaumont, Microsoft pledged to add encryption and authentication measures and to disable Recall by default. It is quite staggering that in this day and age, any data is captured without secure encryption.
These changes were to be included in an update for the first Copilot+ PC shipments on June 18th but due to the security needs the release of Recall has been further delayed.
The delay was inevitable following Microsoft’s President Brad Smith recent testimony before Congress where he admitted Microsoft recent security failures and had promise prioritizing security over new AI features as part of the Microsoft Secure Future Initiative (SFI).